package com.ymh.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.web.server.SecurityWebFilterChain;

/**
 * @author: 13590
 * @date: 2020/11/8 20:23
 * @description:
 */

@Configuration
@EnableWebFluxSecurity
public class ResourceServerConfig {
  @Autowired
  private  AuthorizationManager authorizationManager;
  @Autowired
  private  RestfulAccessDeniedHandler restfulAccessDeniedHandler;
  @Autowired
  private  RestAuthenticationEntryPoint restAuthenticationEntryPoint;

  @Bean
  public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
    //白名单配置
    http.authorizeExchange()
        //鉴权管理器配置
        .anyExchange().access(authorizationManager)
        .and().exceptionHandling()
        //处理未授权
        .accessDeniedHandler(restfulAccessDeniedHandler)
        //处理未认证
        .authenticationEntryPoint(restAuthenticationEntryPoint)
        // csrf校验关闭
        .and().csrf().disable();
    return http.build();
  }

  @Bean
  public RemoteTokenServices remoteTokenServices(){
    RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
    remoteTokenServices.setClientId("app");
    remoteTokenServices.setClientSecret("app");
    remoteTokenServices.setCheckTokenEndpointUrl("http://localhost:8070/auth/oauth/check_token");
    return remoteTokenServices;
  }

}
